Zugang zum Onlinbanking von der Bank gesperrt

17.11.2010, 01:14

ilss

Member

Beiträge: 18

#1 Guten Abend,

ich habe hier einen PC, der vermutlich Auslöser einer Sperrung des Zugangs zum Onlinebanking ist.
Ich habe etwas voreilig den ESET Onlinescanner laufen lassen. Aber alle Dateien die dabei berührt wurden, sind noch in Quarantäne. Der Task mit den Scan Results von Eset ist noch geöffnet und wartet auf Anweisung zum Umgang mit den gefundenen Daten.

Also zunächst die Eset Aktionen:

Code

C:\DaSi\stick\Nero-6.6.1.15a.exe    Win32/Toolbar.AskSBar application    deleted - quarantined
C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46\254ef42e-3f3c1751    probably a variant of Win32/Agent.LMMBFXF trojan    cleaned by deleting - quarantined
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\Prog_Inst\driveImage\driveimage\2\KeyGen\keygen.exe    probably a variant of Win32/Agent.FRJYSCV trojan    cleaned by deleting - quarantined
C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\stick\Nero-6.6.1.15a.exe    Win32/Toolbar.AskSBar application    deleted - quarantined
F:\ISO´s\driveImage\driveimage\2\KeyGen\keygen.exe    probably a variant of Win32/Agent.FRJYSCV trojan    cleaned by deleting - quarantined
F:\ISO´s\Spiele\NFS_Underground\NFS Need For Speed Underground v1_3 parche y NOCD for All Europa by MeMnOcH -FUNCIONA!!subido a 29 diciembre\patch_1.3.0_europe.exe    probably a variant of Win32/Agent.BKKPOXI trojan    cleaned by deleting - quarantined
F:\Netz\Nero-6.6.1.15a.exe    Win32/Toolbar.AskSBar application    deleted - quarantined
F:\Netz\Nero-7.10.1.0_deu_update.exe    Win32/Toolbar.AskSBar application    deleted - quarantined
F:\Netz\driveImage\driveimage\2\KeyGen\keygen.exe    probably a variant of Win32/Agent.FRJYSCV trojan    cleaned by deleting - quarantined
F:\Netz\Setool2lite V1.11\setool2lte.exe    a variant of Win32/Packed.Themida application    cleaned by deleting - quarantined
F:\Netz\Setool2lite V1.11\qamaker\qamaker.exe    probably a variant of Win32/Adware.Agent.EKERCEM application    cleaned by deleting - quarantined
F:\Spiele H\Spiele\EA GAMES\NFS_U1\patch_1.3.0_europe.exe    probably a variant of Win32/Agent.BKKPOXI trojan    cleaned by deleting - quarantined

OTL

OTL.txt

Code

OTL logfile created on: 17.11.2010 00:23:56 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\xxxx\Desktop\AV
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 164,45 Gb Total Space | 69,95 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive E: | 68,90 Gb Total Space | 47,59 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive F: | 232,42 Gb Total Space | 99,33 Gb Free Space | 42,74% Space Free | Partition Type: NTFS
Drive L: | 164,45 Gb Total Space | 69,95 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Dokumente und Einstellungen\xxxx\Desktop\AV\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\SerExt.exe (Siemens AG)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Dokumente und Einstellungen\xxxx\Desktop\AV\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\KMPJLMN.DLL (KYOCERA MITA Corporation)
MOD - C:\WINDOWS\system32\spoolss.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ntrconnect) -- C:\Programme\NTR global\NTRconnect\NTRconnect.exe (NTRglobal)
SRV - (Macromedia Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (xControlCOM) -- C:\Programme\Gigaset DECT\talk&surf\xcontrolcom.exe (Siemens)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (V2i Protector) -- C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe (PowerQuest Corporation)
SRV - (GEARSecurity) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (catchme) -- C:\DOKUME~1\xxxx\LOKALE~1\Temp\catchme.sys File not found
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (tdrpman228) Acronis Try&Decide and Restore Points filter (build 228) -- C:\WINDOWS\system32\DRIVERS\tdrpm228.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (klbg) -- C:\WINDOWS\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (m5289) -- C:\WINDOWS\system32\DRIVERS\m5289.sys (ULi Electronics Inc.)
DRV - (uliagpkx) -- C:\WINDOWS\system32\DRIVERS\agpkx.sys (ULi Electronics Inc.)
DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.)
DRV - (Gigusb) -- C:\WINDOWS\system32\drivers\Gigusb.sys (Siemens AG)
DRV - (DectEnum) -- C:\WINDOWS\system32\drivers\DectEnum.sys (Siemens AG)
DRV - (siellif) -- C:\WINDOWS\system32\drivers\siellif.sys (Siemens AG)
DRV - (IUAPIWDM) ISDN USB Interface (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys (SIEMENS AG)
DRV - (HRCMPA) ISDN Wan driver (Ver. 1.20.0032) -- C:\WINDOWS\system32\drivers\hrcmpa.sys (SIEMENS AG)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura)
DRV - (PQV2i) -- C:\WINDOWS\System32\drivers\PQV2i.sys (StorageCraft)
DRV - (PQIMount) -- C:\WINDOWS\System32\drivers\PQIMount.sys (PowerQuest Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (EL99X) -- C:\WINDOWS\system32\drivers\EL99XN51.SYS (3Com Corporation)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.30 17:20:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.30 17:20:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009.11.25 23:23:39 | 000,000,000 | ---D | M]
 
[2009.12.10 13:59:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Extensions
[2010.11.15 04:53:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\1rz9kp4y.default\extensions
[2010.04.30 02:51:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\1rz9kp4y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.15 04:53:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.23 19:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.15 01:13:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009.12.10 14:36:34 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.08 11:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Programme\Mozilla Firefox\plugins\npmidas.dll
[2010.07.17 15:30:26 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.17 15:30:26 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.17 15:30:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.17 15:30:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.17 15:30:28 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SerExt] C:\WINDOWS\System32\SerExt.exe (Siemens AG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\xxxx\Startmenü\Programme\Autostart\jAnrufmonitor 5.0.lnk = C:\Programme\jAnrufmonitor\jam.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://www.olb.de/olb_fb3_1818/plugin/AXFOAM.CAB (DataDesign DDBAC Plug-In)
O16 - DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE4} http://yankeecats.dyndns.tv/IPCamPluginMegaDPT.cab (IPCamPluginMegaDPT Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256611510968 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.27 02:47:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28007924-e8fa-11de-a88b-00138f73d82f}\Shell\AutoRun\command - "" = G:\Programs\nu2menu\nu2menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.11.17 00:11:14 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxxx\Recent
[2010.11.16 23:50:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxxx\Desktop\AV
[2010.11.16 15:42:54 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.11.16 15:23:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.11.16 15:01:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.11.16 14:57:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.11.16 14:57:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.11.16 14:57:25 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.11.16 14:57:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.16 14:57:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.15 01:13:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.11.15 01:13:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.11.15 01:13:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.11.03 00:26:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\65F1CF6331E0450B96F34A88BE7361A6.TMP
[2010.10.23 00:36:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DSS
[2010.10.23 00:06:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010.10.23 00:06:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010.10.23 00:06:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010.10.23 00:06:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010.10.23 00:06:50 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010.10.23 00:06:50 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010.10.23 00:06:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010.10.23 00:06:49 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010.10.23 00:06:49 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010.10.23 00:06:48 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010.10.23 00:06:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.11.17 00:22:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.16 23:57:30 | 000,013,824 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\eBayAddresslist.dat
[2010.11.16 20:22:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.16 15:31:57 | 000,215,383 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.11.16 15:31:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.16 15:21:31 | 000,452,226 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.16 15:21:31 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.16 15:21:31 | 000,081,308 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.16 15:21:31 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.16 15:10:37 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.16 15:01:17 | 000,000,483 | RHS- | M] () -- C:\boot.ini
[2010.11.14 00:21:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.12 01:11:28 | 000,748,448 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Antrag_ADACZielSparen_als_FhrerscheinSparen[1].pdf
[2010.11.10 01:35:11 | 001,606,273 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\MCD.pdf
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.10.30 03:55:07 | 000,023,999 | ---- | M] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\AG166.pdf
[2010.10.28 20:01:47 | 000,000,198 | ---- | M] () -- C:\WINDOWS\KTEL.INI
[2010.10.23 00:34:43 | 000,001,904 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM).lnk
[2010.10.23 00:34:43 | 000,000,940 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM) - Multiplayer.lnk
[2010.10.19 11:27:33 | 000,214,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.11.16 15:01:15 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2010.11.16 14:57:25 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.16 14:57:25 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.16 14:57:25 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.16 14:57:25 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.16 14:57:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.11.12 01:11:28 | 000,748,448 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\Antrag_ADACZielSparen_als_FhrerscheinSparen[1].pdf
[2010.11.10 01:35:11 | 001,606,273 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Desktop\MCD.pdf
[2010.10.30 03:54:58 | 000,023,999 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Eigene Dateien\AG166.pdf
[2010.10.23 00:34:43 | 000,001,904 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM).lnk
[2010.10.23 00:34:43 | 000,000,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Medal of Honor (TM) - Multiplayer.lnk
[2010.09.23 11:38:09 | 000,000,198 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2009.11.15 02:34:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.30 14:32:44 | 002,808,832 | ---- | C] () -- C:\Programme\Gemeinsame DateienDDBACSetup.msi
[2009.10.28 11:12:15 | 000,000,055 | ---- | C] () -- C:\WINDOWS\KMSTMVM.ini
[2009.10.27 11:35:53 | 000,715,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.10.27 11:26:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2009.10.27 11:03:10 | 000,015,993 | ---- | C] () -- C:\WINDOWS\LxFrame.ini
[2009.10.27 11:02:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LxTrans.INI
[2009.10.27 11:01:56 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\KSDB32.DLL
[2009.10.27 11:01:21 | 000,155,709 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2009.10.27 11:01:20 | 000,237,623 | ---- | C] () -- C:\WINDOWS\System32\dnt26.dll
[2009.10.27 11:01:20 | 000,233,527 | ---- | C] () -- C:\WINDOWS\System32\dnt25.dll
[2009.10.27 11:01:20 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[2009.10.27 11:01:20 | 000,221,239 | ---- | C] () -- C:\WINDOWS\System32\dnt24.dll
[2009.10.27 11:01:20 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc26.dll
[2009.10.27 11:01:20 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc25.dll
[2009.10.27 11:01:20 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc24.dll
[2009.10.27 11:01:20 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2009.10.27 11:01:20 | 000,073,785 | ---- | C] () -- C:\WINDOWS\System32\dntvm26.dll
[2009.10.27 11:01:20 | 000,069,689 | ---- | C] () -- C:\WINDOWS\System32\dntvm25.dll
[2009.10.27 11:01:20 | 000,069,689 | ---- | C] () -- C:\WINDOWS\System32\dntvm24.dll
[2009.10.27 11:01:20 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2009.10.27 11:01:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FKStampPainter.dll
[2009.10.27 11:01:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SBSPAINT.DLL
[2009.10.27 11:01:19 | 000,192,592 | ---- | C] () -- C:\WINDOWS\System32\LxImport30.dll
[2009.10.27 11:01:19 | 000,114,746 | ---- | C] () -- C:\WINDOWS\System32\MMedia10.dll
[2009.10.27 11:01:19 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL
[2009.10.27 11:01:19 | 000,094,266 | ---- | C] () -- C:\WINDOWS\System32\LXDasi10.dll
[2009.10.27 11:01:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2009.10.27 11:01:19 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL
[2009.10.27 11:01:18 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\LxAdminTools.dll
[2009.10.27 11:01:18 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\LxImport.dll
[2009.10.27 11:01:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTTool.dll
[2009.10.27 11:01:18 | 000,045,113 | ---- | C] () -- C:\WINDOWS\System32\dockbar.dll
[2009.10.27 11:01:18 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2009.10.27 11:01:18 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll
[2009.10.27 09:54:23 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.10.27 08:08:14 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.27 08:08:13 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009.10.27 08:08:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009.10.27 07:40:00 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\xxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.27 02:34:09 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.03.28 00:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.03.28 00:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.03.28 00:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.03.28 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.07.09 17:23:54 | 000,024,376 | ---- | C] () -- C:\WINDOWS\System32\TALDM32A.dll
[2008.07.09 17:23:52 | 000,052,536 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.DLL
[2008.07.09 17:23:52 | 000,022,832 | ---- | C] () -- C:\WINDOWS\System32\TALDM32.DLL
[2008.07.09 17:23:08 | 000,255,288 | ---- | C] () -- C:\WINDOWS\System32\SBSPAIN3.DLL
[2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\WINDOWS\System32\SBSPAIN2.DLL
[2008.07.09 17:22:28 | 000,075,576 | ---- | C] () -- C:\WINDOWS\System32\ENCODE32.DLL
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999.01.22 16:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009.10.27 21:25:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.10.23 00:36:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DSS
[2010.04.22 16:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PowerQuest
[2010.11.16 23:55:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STAMPIT
[2009.10.27 21:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\Acronis
[2009.10.27 11:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\DAEMON Tools
[2009.10.30 14:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\DataDesign
[2009.12.10 14:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\FRITZ!
[2010.04.22 16:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\IsolatedStorage
[2010.09.23 12:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\klickIdent
[2010.09.23 11:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\klickTel
[2010.06.29 01:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\ntr
[2010.02.22 20:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\OfficeUpdate12
[2009.12.19 23:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\TeamViewer
[2009.10.27 10:16:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxxx\Anwendungsdaten\TeraCopy
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

Extras.txt

Code

OTL Extras logfile created on: 17.11.2010 00:23:56 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Dokumente und Einstellungen\xxxx\Desktop\AV
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 164,45 Gb Total Space | 69,95 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
Drive E: | 68,90 Gb Total Space | 47,59 Gb Free Space | 69,07% Space Free | Partition Type: NTFS
Drive F: | 232,42 Gb Total Space | 99,33 Gb Free Space | 42,74% Space Free | Partition Type: NTFS
Drive L: | 164,45 Gb Total Space | 69,95 Gb Free Space | 42,54% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
jsfile [open] -- "C:\Programme\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[color=#E56717]========== System Restore Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 22
"{30DB11CB-5A5C-471C-B777-3CC12D7BE2C3}" = StarMoney
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{41AD272D-B3E4-486B-826A-F2C03E9DF43E}" = StarMoney 6.0 
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{549514BF-2BDA-422B-9134-67B5A79C2487}" = NTRConnect
"{560E96B3-356D-4572-9FE3-B44F9AB92622}" = CBL Daten-Shredder
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{69CA3A84-6CE4-41C3-9E5F-69135D18D751}" = Gigaset SX3x3isdn
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7BD0D8F8-A13C-48D2-B201-4AD29A48AF34}" = Google SketchUp 7
"{7E7C9FB7-711A-4FF0-B22F-42BD08652096}" = talk&surf 6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{8D538DFC-1E7A-45F0-9C7B-D8B6629CC2DC}" = PowerQuest Drive Image 7.0
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9FFD7E59-7EA4-4D30-98D3-CFB29936BFB8}" = Stampit Home
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A44C0674-862E-4B0A-9F21-10FAA186087F}" = Lexware financial office pro 2004 (Client)
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22
"{AC76BA86-1033-F400-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{B745E94B-433F-4483-8B0B-DFA947C09CDF}" = klickTel Telefon- und Branchenbuch Frühjahr 2007
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E0E859-F46D-4708-A41D-ED90C0C1822A}" = AcronisTrueImageHome
"{D8E19743-2311-4828-A408-66ECD553C8B1}" = DDBAC
"{E9AB4C16-B5EA-4037-95C8-952DDF992AF5}" = Lexware financial office pro 2004
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)
"EasyBCD" = EasyBCD 1.7.2
"ESET Online Scanner" = ESET Online Scanner v3
"GermaniX Transcoder_is1" = GermaniX Transcoder LX v4.0
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"jam50" = jAnrufmonitor 5.0
"king.com" = king.com (remove only)
"klickIdent 18_is1" = klickIdent 18
"Kyocera Product Library" = Kyocera Product Library
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"TeraCopy_is1" = TeraCopy 2.01
"ULi AC'97 Audio Controller Driver" = ULi AC'97 Audio Controller Driver
"ULi M5289 SATA Controller Driver" = ULi M5289 SATA Controller Driver
"ULi PCI 10-100 Fast Ethernet Controller Driver" = ULi PCI 10-100 Fast Ethernet Controller Driver
"ULi PCI to AGP Controller Driver" = ULi PCI to AGP Controller Driver
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ITscope MarketViewer 2.0" = ITscope MarketViewer 2.0
 xxx
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
Error - 29.09.2010 18:38:50 | Computer Name = xxx | Source =   | ID = 0
Description = 
 
[ System Events ]
Error - 14.11.2010 21:40:34 | Computer Name = xxx | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 15.11.2010 16:09:37 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FUSI",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1A11F8CA-B6EE-431E-B5FF-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 15.11.2010 17:33:41 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FUSI",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1A11F8CA-B6EE-431E-B5FF-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 16.11.2010 04:41:22 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NOTEBOOK",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1A11F8CA-B6EE-431E--Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 16.11.2010 05:45:23 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "NOTEBOOK",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1A11F8CA-B6EE-431E--Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 16.11.2010 10:21:21 | Computer Name = xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.11.2010 10:22:10 | Computer Name = xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.11.2010 10:22:17 | Computer Name = xxx | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 16.11.2010 14:45:21 | Computer Name = xxx | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FUSI",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{1A11F8CA-B6EE-431E-B5FF-Transport
 zu sein scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 16.11.2010 16:08:17 | Computer Name = xxx | Source = NetBT | ID = 4321
Description = Der Name "ARBEITSGRUPPE  :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.20  registriert werden. Der Computer mit IP-Adresse 192.168.1.46
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
 
< End of report >

17.11.2010, 18:44

ilss

Member

Themenstarter

Beiträge: 18

#2 Gmer Report geht leider nicht. Der Rechner hängt sich dabei auf

Na, ich mach mich mal auf die Suche.

17.11.2010, 18:49

Gastaccount

Passwort: gast

Beiträge: 0

#3 Da du Combofix genutzt hast, solltest du den Bericht auch bitte posten. Hast du sonst noch etwas genutzt, oder hat ein AV Programm irgendetwas gefunden?

18.11.2010, 14:59

ilss

Member

Themenstarter

Beiträge: 18

#4 Hallo

Combofix hängt sich ebenfalls auf und daher gibt es keinen Bericht.
KIS 9 hat keinen Fund gemeldet.

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

» Bank Konto gesperrt aufgrund von Virus !
» "Bad Bank" - was denkt ihr?
»
»
»

Seite(n): 1